Date: Fri, 3 Aug 2007 10:54:20 +0200
From: Patrick Proniewski <patpro@patpro.net>
To: "Fai Cheng" <fai@g2019.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: Block WWW.ORKUT.COM
Message-ID: <69794025-47B6-4DC5-891D-E0A8454CD69C@patpro.net>
In-Reply-To: <4a33a74a0708030131p7024453ekcd73f4d55972a0bd@mail.gmail.com>
References: <20070803073610.GA39968@quartzo.cirp.usp.br> <EDF8D957-D85E-4665-B7FC-A974797D0FD2@patpro.net> <4a33a74a0708030131p7024453ekcd73f4d55972a0bd@mail.gmail.com>

On 03 August 2007, at 10:31, Fai Cheng wrote:

> I don't think this is impossible. depends on how you could configure the
> firewall. If you can block all traffics but allow those only you need. (e.g.
> to your partner site only, deny all outgoing traffic)

this is a good solution (technically speaking), but unless you're
working in a very tight security environment, you might prefer
education over extensive blocking.

> Modify the DNS / hosts files is a trick way but its work.

as long as the user won't put his own hosts file on his system.

> but you have to
> know what is behind the host. e.g. they can use orkut.l.google.com instead
> of www.orkut.com. So the white list approach is easier to handle. (If you
> can)

sure.

> Of course different proxy (e.g. running proxy in 80 or 443 port) is hard to
> block, this case you need to monitor the traffic and see any ppl go to
> specific host with large amount of traffic. So you may notice the
> problems.

not hard, just impossible (in a blacklist context), because there is
no way you can know every proxy/anonymizer. It's exactly the same as
fighting spam. You block something, the spammer will find his way in
again, you block it again, etc.

patpro
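
The white list approach discussed in this message, sketched as a pf.conf fragment. This is an added example, not part of the original e-mail. Interface names, networks and addresses are placeholders (documentation ranges), and it assumes a routed gateway without NAT whose LAN address also serves DNS to the clients.

```conf
# pf.conf fragment: default-deny egress with an allow list.
# All names and addresses below are constructed placeholders.

# --- Macros ---
ext_if  = "em0"              # assumed Internet-facing interface
int_if  = "em1"              # assumed LAN-facing interface
lan_net = "192.0.2.0/24"     # stands in for the internal network

# --- Tables ---
# Destinations users are allowed to reach (e.g. partner sites).
# Addresses, not names: a name such as www.orkut.com can sit in front
# of other hosts, so a rule has to match what the packets actually carry.
table <allowed_web> persist { 198.51.100.10, 198.51.100.20 }

# --- Options ---
set skip on lo0

# --- Filtering ---
# Default deny. "log" sends blocked packets to pflog0, which is where
# attempts to reach anything off the list become visible.
block log all

# Clients may resolve names only through the gateway's own resolver,
# so a locally edited resolver setting cannot reach an outside DNS server.
pass in quick on $int_if proto { tcp, udp } \
    from $lan_net to ($int_if) port domain keep state

# Clients may open web connections only to the allow list.
pass in quick on $int_if proto tcp \
    from $lan_net to <allowed_web> port { http, https } keep state

# Forward the accepted connections out of the external interface.
pass out quick on $ext_if proto tcp \
    from $lan_net to <allowed_web> port { http, https } keep state

# The gateway's resolver needs to reach upstream DNS itself.
pass out quick on $ext_if proto { tcp, udp } \
    from ($ext_if) to any port domain keep state
```

Blocked attempts can be watched with `tcpdump -n -e -ttt -i pflog0`, and the allow list can be changed at runtime with `pfctl -t allowed_web -T add <address>`.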